Microsoft this week released seven security patches covering a wide array of the company's products. Two of those patches fix holes that Microsoft deemed "critical" and warned could allow remote attackers to take control of vulnerable Windows systems.
The software updates include fixes for previously unknown holes in Windows, including critical holes in the Windows Task Manager and HTML help features. The company also published a patch for a recent, publicly disclosed hole in the Windows Shell application programming interface (Shell API) and fixed a hole in older versions of the Internet Information Services (IIS) web server that one expert said is well-suited for use in an Internet worm.
The seven updates, named MS04-018 through MS04-024, were released in accordance with the company's monthly patching schedule. At the top of the list were two patches, MS04-022 and MS04-023, that Microsoft says are "critical" and could allow remote attackers to run malicious code on affected Windows systems, according to the Microsoft Web page.
In addition to those two critical fixes, Microsoft patched four holes rated "important," which indicates that exploitation could result in the compromising of data, but not the creation of an Internet worm. One of those patches is related to a widespread Web attack in late June in which hackers modified the configuration of Microsoft IIS Web servers, allowing malicious code to be appended to every HTML document served by the Web server.